Collaborate Disseminate
Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Continue reading Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability. Continue reading DHS Issues Dire Patch Warning for ‘Zerologon’
An emergency directive orders some federal agencies to apply Microsoft’s patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. (ET). Continue reading CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently released a list of the top 10 most commonly exploited software vulnerabilities across the last four years.
Apache Struts was the second most a… Continue reading Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited
The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites. Continue reading Now you need a notarized document to get a .gov domain
The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain.
In November’s piece It’s Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn’t already have its own .gov. Continue reading U.S. Govt. Makes it Harder to Get .Gov Domains
The attacker(s) infected both IT and operational networks with an unspecified ransomware strain, though the facility never lost control. Continue reading Ransomware attack forces 2-day shutdown of natural gas pipeline
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems. Continue reading CISA Pushing U.S. Agencies to Adopt Vulnerability Disclosure Policies
Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Continue reading It’s Way Too Easy to Get a .gov Domain Name
Hackers with physical access to small aircraft can easily hack the plane’s CAN bus system and take control of key navigation systems. Continue reading DHS Warning: Small Aircraft are Ripe for Hacking